Our next-gen architecture is built to help you make sense of your ever-growing data. Watch a 4-min demo video!

Quick Start Security for AWS KMS

AWS KMS
AWS KMS icon

Coralogix Extension For AWS KMS Includes:

Alerts - 6

Stay on top of AWS KMS key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.

Multiple keys created

This alert will trigger once someone creates more than 5 new KMS keys in a time period of 10 minutes. KMS keys are used to encrypt data and provide access for different services to different places in the AWS environment, Once a KMS key is created it can provide access to different assets in the AWS environment. Impact Access can be granted to unnecessary assets Mitigation Confirm with the relevant user the reason for this activity. If needed, disable or delete the relevant key/s. If needed, further investigate according to company policy. MITRE Tactic: TA0040 MITRE Technique: T1486

New Key created

This alert will trigger once someone creates a new KMS key. KMS keys are used to encrypt data and provide access for different services to different places in the AWS environment. Once a KMS key created it can provide access to different assets in the AWS environment. Impact Access can be granted to unnecessary assets Mitigation Confirm with the relevant user the reason for this activity. If needed, disable or delete the relevant key. If needed, further investigate according to company policy. MITRE Tactic: TA0040 MITRE Technique: T1486

Multiple KMS keys scheduled deletion

This alert will trigger once someone scheduled deletion action for more the 5 KMS keys in a time period of 10 minutes. KMS keys are used to encrypt data and provide access for different services to different places in the AWS environment, Once a key is deleted the services associated with this key might lose access to different places in the AWS which can impact business continuity. Impact Service will lose the ability to access different assets in the AWS. Mitigation Confirm with the relevant user the reason for this activity. If needed, stop the deletion process. If needed, further investigate according to company policy. MITRE Tactic: TA0040 MITRE Technique: T1486

KMS key scheduled deletion

This alert will trigger once someone scheduled deletion for a KMS keys. KMS keys are used to encrypt data and provide access for different services to different places in the AWS environment. Once a key is deleted the services associated with this key might lose access to different places in the AWS which can impact business continuity. Impact Service will lose the ability to access different assets in the AWS. Mitigation Confirm with the relevant user the reason for this activity. If needed, stop the deletion process. If needed, further investigate according to company policy. MITRE Tactic: TA0040 MITRE Technique: T1486

KMS key disabled

This alert will trigger once a KMS key is disabled. KMS keys are used to encrypt data and provide access for different services in the AWS environment, Once a key is disabled the services associated with this key might lose access to various services in AWS which can impact business continuity. Impact Services will lose access to different assets in AWS. Mitigation Confirm with the relevant user the reason for this activity. If needed, re-enable the relevant key. If needed, further investigate according to company policy. MITRE Tactic: TA0040 MITRE Technique: T1486

Multiple KMS keys disabled

This alert will trigger once someone disabled more then 5 KMS key in an interval of 10 minutes. KMS keys are used to encrypt data and provide access for different services to different places in the AWS environment, Once a key was disabled the services associated with this key might lose access to different places in the AWS which can impact business continuity. Impact Services will lose the ability to access different assets in the AWS. Mitigation Confirm with the relevant user the reason for this activity. If needed, re-enable the relevant key/s. If needed, further investigate according to company policy. MITRE Tactic: TA0040 MITRE Technique: T1486

Integration

Learn more about Coralogix's out-of-the-box integration with AWS KMS in our documentation.

Read More
Schedule Demo